Experian’s bogus “dark web surveillance” is bogus

So in my normal day to day living I’m not exposed to very many commercials at all, but this past Saturday night in a friendly get-together I happened to notice a commercial I’d never seen before. Experian, a credit and identity theft protection service, was advertising that part of their package is they engage in surveillance of the dark web for their customers benefit, to help ensure their customers’ credit/identity details aren’t being sold or posted on the dark web.

This “dark web surveillance” they claim to utilize is, at the very least, being presented in a less-than-honest fashion and worst case may just be an outright lie on their part. I’ll show you the reasons why they stink of deceitfulness and let you decide.

The first thing to look at here is the size of the dark web, no one is exactly sure just how big it is but looking at all online services together (both the surface/clear web where we use Google, Facebook, etc everyday as well as the more esoteric dark web (aka the hidden services) where we can find online black-markets for illegal drugs, weapons, software and stolen credit cards/identities being trafficked 24/7/365 internationally) a common estimate is that the surface web makes up only about 3% of the total, leaving the remaining 97% as dark web territory. That’s A LOT of space to try monitoring. I’m pretty sure they’re completely incapable of monitoring something that size competently.

Just for kicks, let’s give them the benefit of the doubt and pretend Experian is somehow the equivalent of Google but on the dark web. We’re pretending they’ve somehow managed to index the vast majority of the dark web, which is considerably larger than the surface web that Google strives to keep indexed and catalogued and requires multiple very large, dedicated data centers to manage. I don’t even have to fact-check this: Experian DOES NOT have/own/operate infrastructure that gets anywhere close to competing with Google’s. Let’s pretend though that somehow they’re beating Google at Google’s own game and are capable of monitoring most of the dark web with a fair measure of capability.

If monitoring the entire dark web were even possible, here’s the next big problem. Stealing individuals’ identities and credit details is a business unto itself. The people who steal the most credit cards and identities are the people who make it their full time job. These thieves are the most probable cause for most stolen identities and credit cards. These thieves rarely, probably never, use any of the identities or credit that they steal for themselves, instead they’ll sell it on one of the dark web black-markets for their customers’ use. Since the majority of credit and identity fraud passes through these dark web black-markets at some point, this is almost certainly where some Experian marketing doofus with a little too much moxy and not enough brains came up with “dark web surveillance” as a marketing gimmick. Since the thieves make money selling the information, they aren’t going to be posting the info up on a public page, they’re only going to private message the stolen info to the buyer.

Even monitoring the entire dark web, the only way Experian could ever possibly know that your personal info was stolen and sold on the dark web would be if they were the ones who bought your stolen info from the thief. I doubt they have enough of a revenue stream to buy up all of the identity/credit thieves’ available stock on anything approaching a semi-regular basis. It’s an amusing idea: if they purchase stolen personal/financial details from the thieves then they’d be secretly enabling or promoting the threat that they’re asserting they can help their subscribers to minimize. I don’t really think they go on there and buy stolen information, it seems to me that if they understood the dark web they’d realize how idiotic their surveillance claim is and this makes me doubt they’ve ever really used it. Of course, maybe they have and they just figure their prospective customers don’t have a clue about it so they can get away with it.

So to recap:

-Experian (along with pretty much everyone else) is largely incapable of monitoring something as large as the dark web in any capacity that gets even halfway to “effective” or “thorough”.

-Even if Experian could monitor the dark web effectively, about 99% of the time they would still have zero insight what identities had been stolen unless they were the ones that bought this stolen information.

I don’t work for Experian and never have, it’s certainly possible they may have something resembling a web crawler that’s aimlessly sorting through the tremendous jungle that is the dark web. While the sales and marketing teams clearly love touting the virtues of what they’ve christened “dark web surveillance”, I’d be shocked into speechlessness to ever learn if the guy that actually manages that technology felt it could ever have any usefulness outside of being a cheap marketing gimmick.

Marcus has worked for the better part of the past two decades as an IT Systems Administrator. Throughout his life he's been fascinated by finance and hopes the creation of cryptocurrency heralds a new era where banks, governments and centralized institutions lose their strangle-hold upon the citizenry's financial health and welfare.